Bump Microsoft.Extensions.Http from 10.0.2 to 10.0.3 #15

Workflow file for this run

	name: Docker CI/CD

	on:
	pull_request:
	branches: [main]
	paths:
	- ".github/workflows/docker.yml"
	- "docker-compose.yml"
	- ".dockerignore"
	- "Directory.Build.props"
	- "Directory.Build.targets"
	- "AdvancedDevSample.Api/**"
	- "AdvancedDevSample.Application/**"
	- "AdvancedDevSample.Infrastructure/**"
	- "AdvancedDevSampleDomain/**"
	- "AdvancedDevSample.Frontend/**"
	push:
	branches: [main]
	paths:
	- ".github/workflows/docker.yml"
	- "docker-compose.yml"
	- ".dockerignore"
	- "Directory.Build.props"
	- "Directory.Build.targets"
	- "AdvancedDevSample.Api/**"
	- "AdvancedDevSample.Application/**"
	- "AdvancedDevSample.Infrastructure/**"
	- "AdvancedDevSampleDomain/**"
	- "AdvancedDevSample.Frontend/**"
	tags:
	- "v*"

	concurrency:
	group: docker-${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	jobs:
	docker-ci:
	name: Docker Build And Smoke Test
	runs-on: ubuntu-latest
	permissions:
	contents: read
	steps:
	- name: Checkout
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

	- name: Setup Docker Buildx
	uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

	- name: Build API image
	uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
	with:
	context: .
	file: AdvancedDevSample.Api/Dockerfile
	push: false
	tags: advanceddevsample-api:ci
	cache-from: type=gha,scope=api-ci
	cache-to: type=gha,mode=max,scope=api-ci

	- name: Build Frontend image
	uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
	with:
	context: .
	file: AdvancedDevSample.Frontend/Dockerfile
	push: false
	tags: advanceddevsample-frontend:ci
	cache-from: type=gha,scope=frontend-ci
	cache-to: type=gha,mode=max,scope=frontend-ci

	- name: Start compose stack
	run: docker compose up -d --build

	- name: Wait for API readiness
	shell: bash
	run: \|
	for i in {1..60}; do
	if curl -fsS http://localhost:5069/health/ready >/dev/null; then
	echo "API is ready"
	exit 0
	fi
	sleep 2
	done
	echo "API readiness probe failed" >&2
	exit 1

	- name: Wait for Frontend availability
	shell: bash
	run: \|
	for i in {1..60}; do
	if curl -fsS http://localhost:8080 >/dev/null; then
	echo "Frontend is available"
	exit 0
	fi
	sleep 2
	done
	echo "Frontend availability probe failed" >&2
	exit 1

	- name: Show compose status and logs on failure
	if: ${{ failure() }}
	run: \|
	docker compose ps -a
	docker compose logs --no-color --tail=200

	- name: Stop compose stack
	if: ${{ always() }}
	run: docker compose down -v

	docker-cd:
	name: Docker Publish
	if: github.event_name == 'push'
	needs: docker-ci
	runs-on: ubuntu-latest
	outputs:
	api_digest: ${{ steps.build_api.outputs.digest }}
	frontend_digest: ${{ steps.build_frontend.outputs.digest }}
	permissions:
	contents: read
	packages: write
	id-token: write
	steps:
	- name: Checkout
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

	- name: Normalize image owner
	id: owner
	shell: bash
	run: echo "value=${GITHUB_REPOSITORY_OWNER,,}" >> "$GITHUB_OUTPUT"

	- name: Setup QEMU
	uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0

	- name: Setup Docker Buildx
	uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

	- name: Login to GHCR
	uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Docker metadata (API)
	id: meta_api
	uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.9.1
	with:
	images: ghcr.io/${{ steps.owner.outputs.value }}/advanceddevsample-api
	tags: \|
	type=sha
	type=ref,event=branch
	type=ref,event=tag
	type=raw,value=latest,enable={{is_default_branch}}

	- name: Docker metadata (Frontend)
	id: meta_frontend
	uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.9.1
	with:
	images: ghcr.io/${{ steps.owner.outputs.value }}/advanceddevsample-frontend
	tags: \|
	type=sha
	type=ref,event=branch
	type=ref,event=tag
	type=raw,value=latest,enable={{is_default_branch}}

	- name: Build and push API image
	id: build_api
	uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
	with:
	context: .
	file: AdvancedDevSample.Api/Dockerfile
	push: true
	platforms: linux/amd64,linux/arm64
	tags: ${{ steps.meta_api.outputs.tags }}
	labels: ${{ steps.meta_api.outputs.labels }}
	sbom: true
	provenance: mode=max
	cache-from: type=gha,scope=api-publish
	cache-to: type=gha,mode=max,scope=api-publish

	- name: Build and push Frontend image
	id: build_frontend
	uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
	with:
	context: .
	file: AdvancedDevSample.Frontend/Dockerfile
	push: true
	platforms: linux/amd64,linux/arm64
	tags: ${{ steps.meta_frontend.outputs.tags }}
	labels: ${{ steps.meta_frontend.outputs.labels }}
	sbom: true
	provenance: mode=max
	cache-from: type=gha,scope=frontend-publish
	cache-to: type=gha,mode=max,scope=frontend-publish

	- name: Install Cosign
	uses: sigstore/cosign-installer@b4da77ecad80ff9afe572690e3ce4a55a58e629c # v3.9.1

	- name: Sign API image
	shell: bash
	run: \|
	api_image="ghcr.io/${{ steps.owner.outputs.value }}/advanceddevsample-api@${{ steps.build_api.outputs.digest }}"
	cosign sign --yes "$api_image"

	- name: Sign Frontend image
	shell: bash
	run: \|
	frontend_image="ghcr.io/${{ steps.owner.outputs.value }}/advanceddevsample-frontend@${{ steps.build_frontend.outputs.digest }}"
	cosign sign --yes "$frontend_image"

	image-vuln-scan:
	name: Container Vulnerability Scan
	if: github.event_name == 'push'
	needs: docker-cd
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: read
	steps:
	- name: Normalize image owner
	id: owner
	shell: bash
	run: echo "value=${GITHUB_REPOSITORY_OWNER,,}" >> "$GITHUB_OUTPUT"

	- name: Login to GHCR
	uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Scan API image (HIGH/CRITICAL)
	uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
	with:
	image-ref: ghcr.io/${{ steps.owner.outputs.value }}/advanceddevsample-api@${{ needs.docker-cd.outputs.api_digest }}
	format: table
	severity: HIGH,CRITICAL
	ignore-unfixed: true
	vuln-type: os,library
	exit-code: "1"

	- name: Scan Frontend image (HIGH/CRITICAL)
	uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
	with:
	image-ref: ghcr.io/${{ steps.owner.outputs.value }}/advanceddevsample-frontend@${{ needs.docker-cd.outputs.frontend_digest }}
	format: table
	severity: HIGH,CRITICAL
	ignore-unfixed: true
	vuln-type: os,library
	exit-code: "1"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump Microsoft.Extensions.Http from 10.0.2 to 10.0.3 #15

Workflow file

Bump Microsoft.Extensions.Http from 10.0.2 to 10.0.3 #15

Uh oh!

Workflow file for this run